OpenText AAT <=24.1.0 Improper Validation & Permission Checks (CVE20244692)
CVE-2024-4692 Published on October 16, 2024
Multiple missing permission checks
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.
Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names.
This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Weakness Type
Improper Handling of Insufficient Permissions or Privileges
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
Products Associated with CVE-2024-4692
Want to know whenever a new CVE is published for Micro Focus Application Automation Tools? stack.watch will email you.
Affected Versions
OpenText Application Automation Tools Version 24.1.0 and below is affected by CVE-2024-4692Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.